[Samba] join domain - ou=people searched for machine accounts?

Paul Gienger pgienger at ae-solutions.com
Mon Aug 16 12:52:25 GMT 2004


This is a very very VERY often asked question in this forum, and 
documented in bugzilla.  Computer accounts need to be in the same OU as 
user accounts.  Some (within the samba team) call it a design issue, 
others (outside the samba team) call it a bug. 

Perhaps next time you could try the search? 

jo / ak wrote:

>When I try to join a domain from a win2k client to a samba 3.0.5
>PDC, I get the message "User not found". I use ldapsam, which
>works fine in all other respects.
>
>The strange thing is that the smbldap-useradd scripts terminates
>with 0, the machine account is created under "ou=systems" in the
>ldap database - all looks fine. Then a ldap search is triggered
>with a base "ou=people", nothing is found, and the error
>occurs.
>
>As workaround, I used smbldap-useradd without the "-w". The
>entry
>is created under "ou=people", and the join is finished
>sucessfully.
>
>
>[2004/08/15 21:29:27, 3]
>rpc_server/srv_samr_nt.c:_samr_create_user(2245)
>  _samr_create_user: Running the command
>`/usr/local/sbin/smbldap-useradd -w "at-4$"' gave 0
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam(293)
>  Finding user at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(223)
>  Trying _Get_Pwnam(), username as lowercase is at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(239)
>  Trying _Get_Pwnam(), username as uppercase is AT-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(247)
>  Checking combinations of 0 uppercase letters in at-4$
>[2004/08/15 21:29:27, 5] lib/username.c:Get_Pwnam_internals(251)
>  Get_Pwnam_internals didn't find user [at-4$]!
>
>
>
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 BIND
>dn="CN=SAMBA MANAGER,OU=SAMBA,DC=AKWEB,DC=DE" method=128
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=0 RESULT tag=97
>err=0 text=
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 ADD
>dn="UID=AT-4$,OU=SYSTEMS,DC=AKWEB,DC=DE"
>Aug 15 21:29:27 at-12 slapd[2459]: conn=1393 op=1 RESULT tag=105
>err=0 text=
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1393 op=2 UNBIND
>Aug 15 21:29:27 at-12 slapd[2881]: conn=-1 fd=35 closed
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SRCH
>base="ou=People,dc=akweb,dc=de" scope=1
>filter="(&(objectClass=posixAccount)(uid=
>at-4$))"
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=8 SEARCH RESULT
>tag=101 err=0 text=
>Aug 15 21:29:27 at-12 slapd[3817]: conn=1392 op=1 UNBIND
>Aug 15 21:29:27 at-12 slapd[3817]: conn=-1 fd=36 closed
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SRCH
>base="ou=People,dc=akweb,dc=de" scope=1
>filter="(&(objectClass=posixAccount)(uid=
>AT-4$))"
>Aug 15 21:29:27 at-12 slapd[2881]: conn=1389 op=9 SEARCH RESULT
>tag=101 err=0 text=
>Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=31 closed
>Aug 15 21:29:28 at-12 slapd[2446]: conn=-1 fd=32 closed
>
>from smb.conf
>
>        passdb backend = ldapsam:ldap://at-12
>        add user script = /usr/local/sbin/smbldap-useradd -a -m
>"%u"
>        add machine script = /usr/local/sbin/smbldap-useradd -w
>"%u"
>        ldap suffix = dc=akweb,dc=de
>        ldap machine suffix = ou=Systems
>        ldap user suffix = ou=People
>        ldap group suffix = ou=Groups
>
>
>  
>

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com




More information about the samba mailing list